<?php
/**
 * Zend Framework
 *
 * LICENSE
 *
 * This source file is subject to the new BSD license that is bundled
 * with this package in the file LICENSE.txt.
 * It is also available through the world-wide-web at this URL:
 * http://framework.zend.com/license/new-bsd
 * If you did not receive a copy of the license and are unable to
 * obtain it through the world-wide-web, please send an email
 * to license@zend.com so we can send you a copy immediately.
 *
 * @category   Zend
 * @package    Zend_Controller
 * @subpackage Zend_Controller_Action_Helper
 * @copyright  Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
 * @license    http://framework.zend.com/license/new-bsd     New BSD License
 * @version    $Id: Url.php 23775 2011-03-01 17:25:24Z ralph $
 */

/**
 * @see Zend_Controller_Action_Helper_Abstract
 */
require_once 'Zend/Controller/Action/Helper/Abstract.php';

/**
 * Helper for creating URLs for redirects and other tasks
 *
 * @uses       Zend_Controller_Action_Helper_Abstract
 * @category   Zend
 * @package    Zend_Controller
 * @subpackage Zend_Controller_Action_Helper
 * @copyright  Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
 * @license    http://framework.zend.com/license/new-bsd     New BSD License
 */
class Base_Controller_Action_Helper_CheckPermission extends Zend_Controller_Action_Helper_Abstract
{
    /**
     * Perform helper when called as $this->_helper->url() from an action controller
     *
     * Proxies to {@link simple()}
     *
     * @param  string $action
     * @param  string $controller
     * @param  string $module
     * @param  array  $params
     * @return string
     */
    const ROLE_GUESTS = 'guests';
    const ROLE_MEMBER = 'member';
    const ROLE_EDITOR = 'editor';
    const ROLE_MASTER = 'master';

    private $acl;
    
    private $permissionLoaded = array();
    
    
    public function __construct()
    {
        $this->acl = new Zend_Acl();
        $this->acl->addRole(self::ROLE_GUESTS)
            ->addRole(self::ROLE_MEMBER, self::ROLE_GUESTS)
            ->addRole(self::ROLE_EDITOR, self::ROLE_MEMBER)
            ->addRole(self::ROLE_MASTER, self::ROLE_EDITOR);
    }
    
    public function direct(Zend_Controller_Request_Abstract $request)
    {
        try {
            $this->loadPermissions($request);
        } catch (Zend_Exception $e) {
            return -2;
        }
        
        try {
            return $this->acl->isAllowed(
                Base_Auth::getRole(),
                $request->module .$request->controller, $request->action
                );
        } catch (Zend_Acl_Exception $e) {
            return -1;
        }
    }
    
    private function loadPermissions(Zend_Controller_Request_Abstract $request)
    {
        if (isset($this->permissionLoaded[$request->module])) {
            return true;
        }
        
        $configs = new Zend_Config_Xml(MODULES_PATH .'/'. $request->module .'/permissions.xml', MODULES_ENV);
        $permissions = $configs->toArray();
        
        if (!isset($permissions['resource'][0])) {
            $permissions['resource'] = array($permissions['resource']);
        }
        foreach ($permissions['resource'] as $resource) {
            $this->acl->add(new Zend_Acl_Resource($request->module .$resource['name']));
            if (!isset($resource['allowed'][0])) {
                $resource['allowed'] = array($resource['allowed']);
            }
            foreach ($resource['allowed'] as $allowed) {
                $this->acl->allow($allowed['role'], $request->module .$resource['name'], $allowed['privilege']);
            }
            
            if (isset($resource['deny'])) {
                if (!isset($resource['deny'][0])) {
                    $resource['deny'] = array($resource['deny']);
                }
                foreach ($resource['deny'] as $deny) {
                    $this->acl->deny($deny['role'], $request->module .$resource['name'], $deny['privilege']);
                }
            }
        }
        
        $this->permissionLoaded[$request->module] = true;
    }
} 